Firewall | Stateful packet inspection Reassembly-Free Deep Packet Inspection DDoS attack protection (UDP/ICMP/SYN flood) IPv4/IPv6 support Biometric authentication for remote access DNS proxy REST APIs SonicWall Switch integration |
TLS/SSL/SSH decryption and inspection | TLS 1.3 Deep packet inspection for TLS/SSL/SSH Inclusion/exclusion of objects, groups or hostnames SSL control Granular DPI-SSL controls per zone or rule Decryption Policies for SSL/TLS and SSH |
Capture advanced threat protection1 | Real-Time Deep Memory Inspection Cloud-based multi-engine analysis Virtualized sandboxing Hypervisor level analysis Full system emulation Broad file type examination Automated and manual submission Real-time threat intelligence updates Block until verdict Capture Client |
Intrusion prevention | Signature-based scanning Automatic signature updates Bi-directional inspection Granular IPS rule capability GeoIP enforcement Botnet filtering with dynamic list Regular expression matching |
Anti-malware | Stream-based malware scanning Gateway anti-virus Gateway anti-spyware Bi-directional inspection No file size limitation Cloud malware database |
Application identification | Application control Application bandwidth management Custom application signature creation Data leakage prevention Application reporting over NetFlow/IPFIX Comprehensive application signature database |
Traffic visualization and analytics | User activity Application/bandwidth/threat usage Cloud-based analytics |
HTTP/HTTPS Web content filtering | URL filtering Proxy avoidance Keyword blocking Policy-based filtering (exclusion/inclusion) HTTP header insertion Bandwidth manage CFS rating categories Content Filtering Client |
VPN | Auto-provision VPN IPSec VPN for site-to-site connectivity SSL VPN and IPSec client remote access Redundant VPN gateway Mobile Connect for iOS, Mac OS X, Windows, Chrome, Android and Kindle Fire Route-based VPN (OSPF, RIP, BGP) |
Networking | Multi-instance firewall (only on NSsp 15700)PortShield Jumbo frames Path MTU discovery Enhanced logging VLAN trunking Port mirroring Layer-2 QoS Port security Dynamic routing (RIP/OSPF/BGP) Policy-based routing (ToS/metric and ECMP) NAT DHCP server Bandwidth management Link aggregation (static and dynamic) Port redundancy A/P high availability with state sync Inbound/outbound load balancing High availability - Active/Standby with state sync Wire/virtual wire mode, tap mode, NAT mode Asymmetric routing |
VoIP | Granular QoS control Bandwidth management DPI for VoIP traffic H.323 gatekeeper and SIP proxy support |
Management and monitoring | Web GUI Command line interface (CLI) Zero-Touch registration & provisioning Rest API SonicExpress mobile app support |
Management and monitoring cont’d | Centralized management and reporting with SonicWall Network Security Manager (NSM)1 Logging Netflow/IPFix exporting Cloud-based configuration backup Application and bandwidth visualization IPv4 and IPv6 management |
Unified Security Policy | Unified Policy combines Layer 4 to Layer 7 rules: Source/Destination IP/Port/Service Application Control CFS/Web Filtering Single Pass Security Services enforcement IPS/GAV/AS/Capture ATP Rule management: Cloning Shadow rule analysis In-cell editing Group editing Managing views Used/un-used rules Active/in-active rules Sections |